77/100 SECURITY SCORE

Certificate Information

Subject
CN=caspersoft.lk
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
November 24, 2025
Valid Until
February 22, 2026 85 days
Public Key
RSA 2048 bit Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
CA:FD:53:1A:F5:7F:76:14:AB:0A:D0:97:E0:B0:7D:53:3A:26:5C:A0:B5:45:7F:2D:EF:B4:29:50:0B:79:4F:04
Alternative Names

Security Configuration

TLS Protocols
TLS 1.2 TLS 1.3
Forward Secrecy
Supported (Modern clients use PFS)

HTTP Security Headers

Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
  • Increase HSTS max-age to at least 1 year and add includeSubDomains
  • Add Content-Security-Policy header to prevent XSS attacks
  • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
  • Add X-Content-Type-Options: nosniff
  • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
  • Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records
Not Configured (Any CA can issue certificates)
CAA Issues
  • No CAA records configured - any CA can issue certificates
Recommendations
  • Implement CAA records to restrict which CAs can issue certificates for your domain
  • This adds an extra layer of security against unauthorized certificate issuance
  • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
  • Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

100 domains
www.derech.co.il

Other domains in certificate

365days.me
pool.ackermanpla.net
www.agenciamidmark.com.br
www.ameicontabilidadeonline.com.br
www.apli.tv
staging-admin.app-faststaff.com
www.arc.gay
showroom.athum.com
atlis.io
avirealestate.com
b-loom.jp
baroqueaccess.com
blog.beancountme.com
staging-experiences.benguelacove.co.za
bpay.bnext.es
bradduns.com
caspersoft.lk
www.charliestudio.app
3hlearning.co.in quickcode.co.in
www.coperinno.com
craft-itech.co
app.cribsy.ai
tr-tr.cronz.co
beta.app.devalayas.com
www.dreambugsoftware.se
block.e-onlineservice.com
www.eduventurelandgame.com
l-dev.eirinc.jp
elenidis.gr
mobilityplus-test.enbw.com
app.evoked.io
evoque.biz
fairy.world
www.famboos.com
feligresia.net
frinksmovement.com
geoloc.app
schedule.germanlanguage.ph
api.getbreef.com
www.grannyfab.com
campus.grinboss.com
haidong.mx
haniandmatt.com
havabee.com
helixcode.in
sworkhelp.hnst.vn
hogstadiet.se
homovital.de
houndsonthehoof.co.uk
www.inc.solutions
www.inocentro.pt
invidstor.com
techconnect.jackhenry.com
icelandair-sdk-sandbox.joinsherpa.io
www.kalkicapital.com
kitsune.world
lass-uns-leben.de
leydev.com.br
www.linfieldstables.info
bakerush.maxwallner.com
privacy-dev.migolink.com
nfcard.shop
chatbotui.novafutur.com
onthespotapp.net
default.openreads.xyz
outdoapp.pt
stradafiat.pessego.com
profoundmodel.org
my.profylecard.com
sigma.punefasteners.com
app.rapidbotz.com
vm.raven.live
www.reactjs.de
realtime.team
empower.savannahghi.org
www.under-the-shelf.shelbyshipley.dev
clinic.sokuyaku.jp
www.summitto.com
safe.tadatada.com
dev.tatainvite.com
minhnghiaminhtam.tattyhouse.com
tenofakind.com
inventory.texone.app
randomizer.thehopestreet.org
tikti.me
tonydowney.ca
toot.co
sportclubmujer.turnosweb.app
www.uniorbiketools.com
ad.venture-ist.com
www.vext.co.uk
www.floater.wheesy.de
www.zet.wize.pe
link.woo.org
contractor.eu.wow-dev.org
www.10110.dev
referral.xrex.exchange
zecrypt.io